While Apple addressed non-Java bugs in this update, the most interesting patch was still Java-related. A bug in OS X's Core Types component could allow a malicious website to launch a Java Web Start application even if the Java plug-in was disabled, Apple said in its release notes.

"It'll be something of a surprise for anyone who was relying on Apple's newfound strictness against Java to find that turning Java off in your browser didn't necessarily have the desired effect!" Paul Ducklin, head of technology for the Asia-Pacific region at Sophos, wrote on Naked Security.

Apple has enabled several features in the past to automatically disable the Java plug-in in the browser if it hasn't been used recently, and the latest update disabled older versions of Java if they hadn't been updated recently. This bug meant disabling Java in the browser did not make Macs any safer from attack.

Security Fixes

Of the vulnerabilities fixed in the latest Mac OS X Mountain Lion update, 11 could be exploited to allow remote code execution, Apple said. There were fixes related to data leakage and incorrect authentication, Ducklin also noted. An error in how VoiceOver interacted with the Login Window allowed a person with keyboard access to launch the System Preferences control panel and alter system configuration details prior to login.

Disable "Safe" File Types

Sean Sullivan, a security researcher with F-Secure, noted that Apple has the "Open 'safe' files after downloading" setting enabled by default in the new update. "Safe" files include pictures, PDF files, movies, sounds, documents, and archives. While these are the most commonly used file types, they are also the most common attack vectors. Imagine what would happen if a malicious Web page downloaded a PDF file onto your computer without your permission. Instead of letting the operating system automatically open files downloaded onto your machine, experts recommend opening files manually.

Update Now

Apple also included some new features to improve software stability and compatibility, such as adding the ability to redeem iTunes gift cards in the Mac App Store, expanding Boot Camp support for Windows 8, and improving the Mail app's compatibility with Microsoft Exchange. The update also resolved bugs in various applications, including the Safari Web browser.

The OS X Mountain Lion v10.8.3 update is available to users via the Software Update mechanism.

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.